4 * Barebones SASL authentication service for XMPP (Jabber) clients.
6 * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
8 * Copyright (c) 2007-2009 by Art Cancro
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
34 #include <sys/types.h>
36 #if TIME_WITH_SYS_TIME
37 # include <sys/time.h>
41 # include <sys/time.h>
52 #include <libcitadel.h>
55 #include "citserver.h"
59 #include "internet_addressing.h"
61 #include "ctdl_module.h"
62 #include "serv_xmpp.h"
66 * PLAIN authentication. Returns zero on success, nonzero on failure.
68 int xmpp_auth_plain(char *authstring)
70 char decoded_authstring[1024];
78 /* Take apart the authentication string */
79 memset(pass, 0, sizeof(pass));
81 CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
82 safestrncpy(ident, decoded_authstring, sizeof ident);
83 safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
84 len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
88 /* If there are underscores in either string, change them to spaces. Some clients
89 * do not allow spaces so we can tell the user to substitute underscores if their
90 * login name contains spaces.
92 convert_spaces_to_underscores(ident);
93 convert_spaces_to_underscores(user);
95 /* Now attempt authentication */
97 if (!IsEmptyStr(ident)) {
98 result = CtdlLoginExistingUser(user, ident);
101 result = CtdlLoginExistingUser(NULL, user);
104 if (result == login_ok) {
105 if (CtdlTryPassword(pass, len) == pass_ok) {
106 return(0); /* success */
110 return(1); /* failure */
115 * Output the list of SASL mechanisms offered by this stream.
117 void xmpp_output_auth_mechs(void) {
118 cprintf("<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
119 cprintf("<mechanism>PLAIN</mechanism>");
120 cprintf("</mechanisms>");
124 * Here we go ... client is trying to authenticate.
126 void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
128 if (strcasecmp(sasl_auth_mech, "PLAIN")) {
129 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
130 cprintf("<invalid-mechanism/>");
131 cprintf("</failure>");
135 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
138 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
139 cprintf("<system-shutdown/>");
140 cprintf("</failure>");
143 else if (xmpp_auth_plain(authstring) == 0) {
144 cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
148 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
149 cprintf("<not-authorized/>");
150 cprintf("</failure>");
157 * Non-SASL authentication
159 void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
163 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
165 result = CtdlLoginExistingUser(NULL, username);
166 if (result == login_ok) {
167 result = CtdlTryPassword(password, strlen(password));
168 if (result == pass_ok) {
169 cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */
175 cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));
176 cprintf("<error code=\"401\" type=\"auth\">"
177 "<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"